CVE search results

201 – 210 of 471 results

Detailed view

Sort by:

CVE-2016-9074

Medium priority

Fixed

An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and...

1 affected package

nss

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nss	—	—	—	—

CVE-2016-5285

Medium priority

Fixed

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

1 affected package

nss

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nss	—	—	—	—

CVE-2016-7055

Low priority

Fixed

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that...

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl098	—	—	—	—

CVE-2016-8610

Low priority

Some fixes available 13 of 15

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw...

4 affected packages

gnutls28, openssl098, gnutls26, openssl

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gnutls28	—	—	—	Not affected
openssl098	—	—	—	Not in release
gnutls26	—	—	—	Not in release
openssl	—	—	—	Fixed

CVE-2016-7052

Medium priority

Not affected

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl098	—	—	—	—

CVE-2016-6309

High priority

Not affected

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl098	—	—	—	—

CVE-2016-6308

Low priority

Not affected

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via...

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl098	—	—	—	—

CVE-2016-6307

Low priority

Not affected

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted...

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl098	—	—	—	—

CVE-2016-6305

Medium priority

Not affected

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl098	—	—	—	—

CVE-2016-6304

High priority

Some fixes available 9 of 10

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	Fixed
openssl098	—	—	—	Not in release

Export to JSON

Results by page:

Search CVE reports